What happens while updating
To upgrade your OneAuth app and move to the new encryption process, we will ask you to enter your passphrase. Using your passphrase, we will decrypt the OTP secret keys stored in Cloud (which were encrypted with AES-ECB mode) back to plaintext secret keys. We will then encrypt these plaintext secret keys with AES-GCM mode and store them in Cloud again. This completes the move from the old encryption process to the new one (i.e., AES-GCM).
If you don't remember your passphrase, there is no way to decrypt the secret keys present on Cloud, which means they cannot be recovered. However, if you have all your secret keys present locally on your device (i.e., in the Authenticator tab of your OneAuth app), then you can simply reset your passphrase. The secret keys on your device will be encrypted with AES-GCM mode and stored in Cloud.
The problem arises when you don't have all your secret keys locally on any of your devices. When you reset your passphrase, the secret keys that you don't have on your device will be lost. You will have to reset TFA for those accounts and add them again in OneAuth.
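The migration described above, as an added Node.js sketch (not OneAuth's code): it decrypts AES-ECB records with a passphrase-derived key and re-encrypts them under AES-GCM. The scrypt key derivation, the salt, the `nonce || tag || ciphertext` record layout, the sample secrets and all function names are assumptions; the page does not describe them.

```javascript
// Added illustration, not OneAuth's implementation.
// Assumptions: scrypt KDF, fixed demo salt, record layout nonce || tag || ciphertext.
const crypto = require('node:crypto');

const SALT = Buffer.from('constructed-demo-salt'); // constructed sample value
const deriveKey = (passphrase) => crypto.scryptSync(passphrase, SALT, 32);

// Old scheme: AES-256-ECB takes no IV and produces no integrity tag.
function ecbEncrypt(key, plaintext) {
  const c = crypto.createCipheriv('aes-256-ecb', key, null);
  return Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
}
function ecbDecrypt(key, blob) {
  const d = crypto.createDecipheriv('aes-256-ecb', key, null);
  return Buffer.concat([d.update(blob), d.final()]).toString('utf8');
}

// New scheme: AES-256-GCM with a fresh 96-bit nonce and a 128-bit tag per record.
function gcmEncrypt(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}
function gcmDecrypt(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the blob was modified or the key is wrong.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}

// Migration: decrypt every old record with the passphrase key, re-encrypt under GCM.
function migrate(passphrase, ecbRecords) {
  const key = deriveKey(passphrase);
  return ecbRecords.map((blob) => gcmEncrypt(key, ecbDecrypt(key, blob)));
}

// Constructed sample: two accounts that happen to share one OTP secret.
const key = deriveKey('constructed passphrase');
const old = ['JBSWY3DPEHPK3PXP', 'JBSWY3DPEHPK3PXP'].map((s) => ecbEncrypt(key, s));
const migrated = migrate('constructed passphrase', old);
console.log('ECB blobs identical:', old[0].equals(old[1]));
console.log('GCM blobs identical:', migrated[0].equals(migrated[1]));
```

Under ECB, equal secrets produce equal blobs and there is no integrity check; the GCM records differ on every encryption, and `gcmDecrypt` throws for a modified blob or a key derived from the wrong passphrase.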
Steps to update
- Get the latest version of the app from the App Store/Play Store. For Windows, you can get the app from the Microsoft Store.
- Open OneAuth and go to the Authenticator tab.
- In the What's New screen, tap Get Started.
- To complete the upgrade, you will need to enter your passphrase. Tap Continue, enter your passphrase, then tap Done.
Forgot your passphrase?
If you forgot your passphrase, we will tell you what you can do, based on whether or not you have all the secret keys available on your device.
Case 1: You have the same number of accounts on device as in Cloud
In this case, you can tap View accounts to see the accounts you have on your device and the ones available on Cloud. If all the required accounts are present on your device, you can safely reset your passphrase.
Case 2: Some accounts present on Cloud are missing on your device
You can tap Accounts at risk to see which accounts are missing on your device. These accounts cannot be recovered if you reset your passphrase.
However, if you're using OneAuth on multiple devices and the missing accounts are present on any of those devices, you can recover them. Follow the steps below:
- On your current device, click Continue and reset your passphrase. The update will be completed and the accounts on your device will be stored on Cloud.
- Now, on the device where you have the missing accounts, update the OneAuth app.
- Go to the Authenticator tab.
- Tap Get Started, then tap Continue.
- Enter your new passphrase (which you've reset), then tap Done. The additional accounts present on this device will get backed up to Cloud.